CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6201 CVE-2004-2436 +Priv 2004-12-31 2021-04-14
2.1
None Local Low Not required Partial None None
Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges.
6202 CVE-2004-2419 2004-12-31 2017-07-11
2.1
None Local Low Not required Partial None None
Keene Digital Media Server 1.0.2 allows local users to obtain usernames and passwords by reading the dmscore.db file on the local system.
6203 CVE-2004-2414 +Info 2004-12-31 2017-07-11
2.1
None Local Low Not required Partial None None
Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.
6204 CVE-2004-2410 DoS 2004-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to cause a denial of service (null pointer dereference).
6205 CVE-2004-2400 2004-12-31 2017-07-11
2.1
None Local Low Not required Partial None None
WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials.
6206 CVE-2004-2398 2004-12-31 2017-07-11
2.1
None Local Low Not required Partial None None
Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
6207 CVE-2004-2395 DoS 2004-12-31 2017-07-11
2.1
None Local Low Not required None None Partial
Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.
6208 CVE-2004-2394 2004-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.
6209 CVE-2004-2365 DoS 2004-12-31 2017-07-11
2.1
None Local Low Not required None None Partial
Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
6210 CVE-2004-2337 2004-12-31 2017-07-11
2.1
None Local Low Not required Partial None None
The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, which allows local users to obtain user POP3 credentials.
6211 CVE-2004-2331 Bypass +Info 2004-12-31 2017-07-11
2.1
None Local Low Not required Partial None None
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
6212 CVE-2004-2321 2004-12-31 2017-07-11
2.1
None Local Low Not required Partial None None
BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
6213 CVE-2004-2309 Dir. Trav. 2004-12-31 2017-07-11
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command.
6214 CVE-2004-2302 DoS 2004-12-31 2017-02-19
2.6
None Local High Not required Partial None Partial
Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in sysfs files.
6215 CVE-2004-2276 Bypass 2004-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which allows viruses such as Sober.D and Sober.G to bypass initial detection.
6216 CVE-2004-2258 2004-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab.
6217 CVE-2004-2230 DoS Overflow 2004-12-31 2017-07-11
2.1
None Local Low Not required None None Partial
Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket.
6218 CVE-2004-2219 2004-12-31 2017-07-11
2.6
None Remote High Not required None Partial None
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.
6219 CVE-2004-2169 DoS 2004-12-31 2017-07-11
2.1
None Local Low Not required None None Partial
Application Access Server (A-A-S) 1.0.37 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long file request.
6220 CVE-2004-2136 2004-02-19 2016-10-18
2.1
None Local Low Not required Partial None None
dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.
6221 CVE-2004-2135 2004-05-26 2016-10-18
2.1
None Local Low Not required Partial None None
cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.
6222 CVE-2004-2097 2004-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd.
6223 CVE-2004-2083 2004-02-11 2017-07-11
2.6
None Remote High Not required None Partial None
Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."
6224 CVE-2004-2022 DoS Exec Code Overflow 2004-12-31 2017-07-11
2.1
None Local Low Not required None None Partial
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.
6225 CVE-2004-2014 2004-12-31 2018-10-03
2.6
None Local High Not required None Partial Partial
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.
6226 CVE-2004-2011 DoS 2004-12-31 2017-07-11
2.6
None Remote High Not required None None Partial
msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI.
6227 CVE-2004-1983 DoS 2004-05-02 2017-07-11
2.1
None Local Low Not required None None Partial
The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors.
6228 CVE-2004-1957 XSS 2004-04-21 2017-07-11
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php.
6229 CVE-2004-1933 Bypass 2004-04-12 2017-07-11
2.1
None Local Low Not required Partial None None
Citadel/UX 5.00 through 6.14 installs the database directory and files with world-read permissions, which could allow local users to bypass access controls and read unauthorized messages.
6230 CVE-2004-1922 DoS 2004-04-11 2016-10-18
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file with has a large memory size.
6231 CVE-2004-1909 DoS 2004-12-31 2017-07-11
2.6
None Remote High Not required None None Partial
Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm.
6232 CVE-2004-1907 DoS 2004-12-31 2017-07-11
2.6
None Remote High Not required None None Partial
The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13".
6233 CVE-2004-1902 2004-12-31 2017-07-11
2.1
None Local Low Not required Partial None None
The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.
6234 CVE-2004-1895 2004-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.
6235 CVE-2004-1894 2004-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log.
6236 CVE-2004-1877 2004-03-30 2017-07-11
2.6
None Remote High Not required Partial None None
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.
6237 CVE-2004-1857 Dir. Trav. 2004-03-24 2017-07-11
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
6238 CVE-2004-1834 2004-03-20 2021-06-06
2.1
None Local Low Not required Partial None None
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
6239 CVE-2004-1808 2004-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.
6240 CVE-2004-1795 2004-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI.
6241 CVE-2004-1753 2004-12-31 2017-07-11
2.6
None Remote High Not required None Partial None
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
6242 CVE-2004-1748 DoS 2004-12-31 2017-07-11
2.1
None Local Low Not required None None Partial
NtRegmon before 6.12 allows local users to cause a denial of service (crash), while NtRegmon is running, via invalid pointers to hook functions such as ZwSetQueryValue.
6243 CVE-2004-1718 DoS 2004-08-17 2017-07-11
2.1
None Local Low Not required None None Partial
The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument.
6244 CVE-2004-1714 DoS 2004-08-11 2017-07-11
2.1
None Local Low Not required None None Partial
BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.
6245 CVE-2004-1713 2004-08-10 2017-07-11
2.1
None Local Low Not required None Partial None
Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01] and earlier, as used by HP-UX Workload Manager (WLM), allows local users to corrupt data files.
6246 CVE-2004-1709 2004-08-04 2017-07-11
2.1
None Local Low Not required Partial None None
Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users.
6247 CVE-2004-1689 2004-09-16 2017-07-11
2.1
None Local Low Not required Partial None None
sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.
6248 CVE-2004-1615 DoS 2004-10-18 2017-07-11
2.6
None Remote High Not required None None Partial
Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme.
6249 CVE-2004-1586 2004-12-31 2016-10-18
2.1
None Local Low Not required None Partial None
Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected.
6250 CVE-2004-1500 DoS 2004-12-31 2017-07-11
2.1
None Local Low Not required None None Partial
Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a nickname or (2) a message.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.